2

I have encountered the following issue while developing a secure system:

We receive some data which we have to verify by signature. The signature algorithm is ecdsa-with-SHA256, and openssl_verify() doesn't seem to have an option for that. Already tried searching for standalone PHP libraries like phpseclib - no luck either, ecdsa-with-SHA1 is the best option they seem to offer.

What would be an appropriate solution for that issue? Maybe I've missed some library that implements such functionality?

Matthew T
  • 103
  • 3
  • 16

1 Answers1

3

PHP's openssl_ currently supports ECDSA only with SHA1 digest (reefer to openssl_get_md_methods() output, position [14]). You'll need a workaround for this. From comments of this question (closed as off topic, by the way), but it was focused on bitcoin implementations.

Community
  • 1
  • 1
al'ein
  • 1,711
  • 1
  • 14
  • 21
  • Even though I've already found that information, thanks for your answer. What would you consider the best practice then? Simply passing the data to some external c++\python script? – Matthew T Oct 07 '15 at 12:41
  • Yes, if I'd have to think of a workaround, surely would be an external small app only for that. – al'ein Oct 07 '15 at 12:44
  • 1
    Since this answer seems the only correct one, I'll mark it as one. Thanks again! – Matthew T Oct 07 '15 at 15:35